© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Next Generation Security for Financial Institutions
James Wilkins, Lead of the Cloud Task Force, Association of Banks Singapore (ABS)
Myles Hosford, Principal Security Architect APAC, Amazon Web Services
MAS Outsourcing Guidelines
“CS can potentially offer a number of advantages, which include economies of scale, cost-savings, access to quality system administration as well as operations that adhere to uniform security standards and best practices.”
MAS Outsourcing Guidelines 2016 (CS: cloud services)
ABS Cloud Implementation Guide
“The guiding principle that information security controls in the Cloud must be at least as strong as what the FIs would have implemented had the operations been performed in-house should apply”
• Due Diligence
• Data Protection
• Disaster Recovery
ABS Cloud Implementation Guide
• Clarify misconceptions & support adoption
• Platform to socialise requirements
ABS: Day 1 Guidance
• Define materiality
• Vendor due diligence
• Key controls
ABS: Day 2 Guidance
• Cloud architecture
• Continuous assurance
• MAS material & core
SECURITY IS JOB ZERO
Shared Security Model
AWS Compliance
AWS Artifact
Next Generation Security Benefits
• Automate with deeply integrated security services
• Inherit global security and compliance controls
• Highest standards for privacy and data security
• Largest network of security partners and solutions
• Scale with superior visibility and control
AWS Security Services
• Identity: AWS Identity & Access Management (IAM), AWS Organizations, Amazon Cognito, AWS Directory Service, AWS Single Sign-On
• Detective control: AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs
• Infrastructure security: Amazon EC2 Systems Manager, AWS Shield, AWS Web Application Firewall (WAF), Amazon Inspector, Amazon Virtual Private Cloud (VPC)
• Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, AWS Certificate Manager, Server Side Encryption
• Incident response: AWS Config Rules, AWS Lambda
Identity & access management
Define, enforce, and audit user permissions across AWS services, actions and resources.
• Fine-grained access control
• Multi-factor authentication
Detective control
Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment.
• Amazon GuardDuty: intelligent threat detection
Infrastructure security
Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS.
(Diagram: attackers on one side, AWS customers on the other)
Data protection
In addition to our automatic data encryption and management services, employ more features for data protection (including data management, data security, and encryption key storage).
(Diagram: AWS Certificate Manager issues an ACM certificate, used by Elastic Load Balancing and Amazon CloudFront; developers)
Incident response
During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice.
(Diagram: an Amazon CloudWatch Event triggers an AWS Lambda function, which carries out the automated response)
Next Generation Security Postures
• Everything as Code
• Ubiquitous Encryption
• Automated Compliance
• No SSH or RDP for Admin
NO SSH/RDP FOR OPERATIONS
AWS Systems Manager Components
• Run Command
• State Manager
• Inventory
• Maintenance Windows
• Patch Manager
• Automation
• Parameter Store
• Documents
Operations at scale without SSH/RDP
• Remotely manage thousands of Windows and Linux instances running on Amazon EC2 or on-premises
• Control user actions and scope with secure, granular access control
• Safely execute changes with rate control to reduce blast radius
• Audit every user action with change tracking
(Diagram: an IT admin or DevOps engineer, governed by role-based access control, manages instances in the AWS Cloud and in the corporate data center without opening SSH or RDP to them)
Operations at scale without SSH/RDP
EVERYTHING AS CODE
Everything as Code: Your Security Controls
• Regulatory controls
• Industry controls
Everything as Code
(Diagram: an Amazon Virtual Private Cloud containing a WEB EC2 instance and an APP EC2 instance, each behind its own security group; an S3 bucket encrypted with AES256; AWS KMS; logging & monitoring; VPC security)
The same template is reviewed against each stakeholder's checklist: ✓ Cyber Security ✓ IT Audit ✓ Application ✓ Operations
Self-Service: Approved, Secure IT
IF “HIGHLY CONFIDENTIAL” THEN ENFORCE ENCRYPTION
IF “PRODUCTION” THEN ENFORCE RESILIENCY
Everything as Code: Audit
Example finding in the template: an ingress rule allowing Telnet (an insecure, clear-text protocol) from any IP on the Internet.
Mis-configuration prevented & detected BEFORE the environment is even built!
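The pre-build check this slide describes, as an added example that is not part of the deck: a small Python audit over a CloudFormation template (constructed inline) that flags any security-group ingress rule open to the whole Internet on a clear-text protocol port such as Telnet. The template, its resource names and the clear-text port list are assumptions for the demo; in practice the check runs in the pipeline before CloudFormation ever creates the stack, and a non-zero exit blocks the deployment.

```python
"""Pre-deployment audit of a CloudFormation template: flag security-group
ingress rules that expose a clear-text protocol to the whole Internet.

Added example, not the deck's code. The template, its resource names and
the clear-text port list are constructed for the demo; extend the list to
match your own control set."""
import ipaddress
import json

# Assumed policy: ports whose protocols carry credentials or data in the clear.
CLEAR_TEXT_PORTS = {21: "FTP", 23: "Telnet", 389: "LDAP"}

# Constructed template: WebSg is acceptable, AdminSg opens Telnet to the world
# and, via protocol -1 on ::/0, every port to the whole IPv6 Internet.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "web tier",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "AdminSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "legacy admin access",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
          {"IpProtocol": "-1", "CidrIpv6": "::/0"}
        ]
      }
    },
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


def is_world_open(rule):
    """True when the rule's source CIDR is 0.0.0.0/0 or ::/0 (prefix length 0).
    Rules whose source is another security group or a prefix list are not
    reachable from the Internet directly and return False."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if not cidr:
        return False
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_ports(rule):
    """Port range covered by the rule; IpProtocol -1 means all ports."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def audit_template(template):
    """Return one finding per world-open ingress rule that includes a
    clear-text port. An empty list means the template passes this control."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if not is_world_open(rule):
                continue
            lo, hi = rule_ports(rule)
            exposed = sorted(p for p in CLEAR_TEXT_PORTS if lo <= p <= hi)
            if exposed:
                findings.append({
                    "resource": name,
                    "cidr": rule.get("CidrIp") or rule.get("CidrIpv6"),
                    "ports": exposed,
                    "protocols": [CLEAR_TEXT_PORTS[p] for p in exposed],
                })
    return findings


if __name__ == "__main__":
    results = audit_template(SAMPLE_TEMPLATE)
    for f in results:
        print(f"{f['resource']}: {', '.join(f['protocols'])} open to {f['cidr']}")
    raise SystemExit(1 if results else 0)   # non-zero exit blocks the pipeline
```

The check deliberately treats a protocol of -1 (all traffic) as covering every port, so an "allow everything from ::/0" rule is caught even though it names no port; rules whose source is another security group are skipped because they are not Internet-reachable on their own.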
UBIQUITOUS ENCRYPTION
AWS Key Management Service
(Diagram: data, intelligence and business logic; a data encryption key turns the data into encrypted data, and that data encryption key is itself protected by KMS)
Ubiquitous Encryption
Services: EBS, RDS, Amazon Redshift, S3, Amazon Glacier
• Encrypted in transit and at rest
• Fully auditable
• Restricted access
• Fully managed keys in KMS
• Your KMI (key management infrastructure)
Controls and Visibility
CloudTrail provides:
• Who decrypted data
• When data was decrypted
• Where data was decrypted from
• Stored for audit and inspection
(Diagram: consumer requests go to KMS; every KMS API call is recorded by CloudTrail and the log is stored in S3)
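To make the who, when and where concrete, here is an added example (not the deck's code) that reads CloudTrail records for KMS Decrypt calls and reports the principal, time, source IP and the S3 object named in the encryption context, then flags successful decryptions from outside trusted networks and counts AccessDenied attempts per principal. The trail records, account ID, key ID, principals, IP addresses and the trusted ranges are all constructed for the demo; the record shape (eventSource, userIdentity.arn, sourceIPAddress, requestParameters.encryptionContext, resources[].ARN, errorCode) is the one CloudTrail uses for kms.amazonaws.com.

```python
"""Who / when / where for KMS decryption, from CloudTrail.

Added example, not part of the deck. The records below are constructed in the
shape CloudTrail writes for kms.amazonaws.com events; account number, key ID,
principals, IP addresses and the S3 object are made up. TRUSTED_NETWORKS is an
assumption standing in for the FI's own VPC and office egress ranges."""
import ipaddress
import json
from collections import Counter

SAMPLE_TRAIL = json.loads("""
{"Records": [
  {"eventTime": "2018-04-18T02:15:07Z", "eventSource": "kms.amazonaws.com",
   "eventName": "Decrypt", "sourceIPAddress": "10.20.30.40",
   "userIdentity": {"type": "AssumedRole",
                    "arn": "arn:aws:sts::111122223333:assumed-role/ledger-app/i-0abc"},
   "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::fi-ledger/2018/04/tx.csv"}},
   "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]},
  {"eventTime": "2018-04-18T02:16:00Z", "eventSource": "kms.amazonaws.com",
   "eventName": "GenerateDataKey", "sourceIPAddress": "10.20.30.40",
   "userIdentity": {"type": "AssumedRole",
                    "arn": "arn:aws:sts::111122223333:assumed-role/ledger-app/i-0abc"},
   "requestParameters": {"keySpec": "AES_256"},
   "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]},
  {"eventTime": "2018-04-18T03:02:41Z", "eventSource": "kms.amazonaws.com",
   "eventName": "Decrypt", "sourceIPAddress": "198.51.100.5",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
   "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::fi-ledger/2018/04/tx.csv"}},
   "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]},
  {"eventTime": "2018-04-18T03:05:12Z", "eventSource": "kms.amazonaws.com",
   "eventName": "Decrypt", "sourceIPAddress": "198.51.100.77",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
   "errorCode": "AccessDenied",
   "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::fi-ledger/2018/04/tx.csv"}},
   "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]}
]}
""")

# Assumed: the FI's VPC range and its office egress range.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("203.0.113.0/24")]


def decrypt_events(trail, key_arn=None):
    """Flatten KMS Decrypt records into who / when / where / what rows.
    Pass key_arn to restrict the report to one customer master key."""
    rows = []
    for rec in trail["Records"]:
        if rec.get("eventSource") != "kms.amazonaws.com" or rec.get("eventName") != "Decrypt":
            continue
        keys = [r["ARN"] for r in rec.get("resources", []) if ":key/" in r.get("ARN", "")]
        if key_arn is not None and key_arn not in keys:
            continue
        ident = rec.get("userIdentity", {})
        ctx = rec.get("requestParameters", {}).get("encryptionContext", {})
        rows.append({
            "when": rec["eventTime"],
            "who": ident.get("arn", ident.get("type", "unknown")),
            "where": rec.get("sourceIPAddress"),
            "what": ctx.get("aws:s3:arn", ctx),   # S3 SSE-KMS names the object in the context
            "key": keys[0] if keys else None,
            "denied": "errorCode" in rec,
        })
    return rows


def from_untrusted_network(rows):
    """Successful decryptions whose source IP lies outside every trusted range.
    Calls made on your behalf by an AWS service carry a service DNS name in
    sourceIPAddress rather than an IP; those are skipped here."""
    out = []
    for r in rows:
        if r["denied"]:
            continue
        try:
            ip = ipaddress.ip_address(r["where"])
        except ValueError:
            continue
        if not any(ip in net for net in TRUSTED_NETWORKS):
            out.append(r)
    return out


def denied_by_principal(rows):
    """Count AccessDenied decrypt attempts per principal (key-policy probing)."""
    return Counter(r["who"] for r in rows if r["denied"])


if __name__ == "__main__":
    rows = decrypt_events(SAMPLE_TRAIL)
    for r in rows:
        status = "DENIED" if r["denied"] else "ok"
        print(f"{r['when']} {r['who']} from {r['where']} -> {r['what']} {status}")
    print("outside trusted networks:", [r["who"] for r in from_untrusted_network(rows)])
    print("denied:", dict(denied_by_principal(rows)))
```

GenerateDataKey is left out of the report on purpose: it returns a fresh data key rather than unwrapping existing ciphertext, so it belongs in an "encryption activity" view, not in the "who read my data" view this slide is about.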
AUTOMATING COMPLIANCE
Automating Regulatory Compliance
• MAS TRM
• MAS Outsourcing
• ABS Key Controls
Automating Compliance: AWS Config Rules
Changes → Compliance Engine → Automated Response
Automating Compliance: Encryption
• A user launches a new server without encryption
• AWS Config reviews the change against controls you define, in near real-time
• Automated response: either perform encryption, or terminate the server
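The rule-plus-response loop on this slide, combined with the tag-driven "if highly confidential then enforce encryption" policy from the self-service slide, as an added example that is not the deck's code: the evaluation logic of an AWS Config custom rule for EBS volume encryption, with the automated response chosen from the resource's classification tag. The configuration items, the DataClassification tag and the response names are assumptions; a deployed rule would report through boto3 config.put_evaluations(), left as a comment so the example runs offline.

```python
"""Evaluation logic of an AWS Config custom rule for EBS volume encryption,
with the automated response chosen from the resource's classification tag.

Added example, not the deck's code. The configuration items, the
'DataClassification' tag and the response names are assumptions; a deployed
rule reports through boto3 config.put_evaluations(), shown only as a comment
so this runs offline."""
import json

CLASSIFICATION_TAG = "DataClassification"   # assumed tag key
HIGHLY_CONFIDENTIAL = "HighlyConfidential"  # assumed tag value


def evaluate_volume(config_item):
    """COMPLIANT / NON_COMPLIANT / NOT_APPLICABLE for one configuration item.
    Only live AWS::EC2::Volume items are in scope; the Config item mirrors
    DescribeVolumes, so 'encrypted' is a boolean under 'configuration'."""
    if config_item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE"
    if config_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"
    encrypted = config_item.get("configuration", {}).get("encrypted", False)
    return "COMPLIANT" if encrypted else "NON_COMPLIANT"


def choose_response(config_item, compliance):
    """Map the evaluation to an action. Highly confidential data must never
    sit on an unencrypted volume, so that case terminates the server; other
    unencrypted volumes are remediated in place (snapshot, encrypted copy, swap)."""
    if compliance != "NON_COMPLIANT":
        return "none"
    if config_item.get("tags", {}).get(CLASSIFICATION_TAG) == HIGHLY_CONFIDENTIAL:
        return "terminate"
    return "encrypt"


def lambda_handler(event, context=None):
    """Entry point in the shape Config invokes a custom rule with:
    event['invokingEvent'] is a JSON string carrying the configuration item."""
    invoking = json.loads(event["invokingEvent"])
    ci = invoking["configurationItem"]
    compliance = evaluate_volume(ci)
    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    # Deployed rule:
    # boto3.client("config").put_evaluations(Evaluations=[evaluation],
    #                                        ResultToken=event["resultToken"])
    return {"evaluation": evaluation, "response": choose_response(ci, compliance)}


def make_event(volume_id, encrypted, tags):
    """Build a constructed Config invocation event for the demo."""
    ci = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": volume_id,
        "configurationItemStatus": "ResourceDiscovered",
        "configurationItemCaptureTime": "2018-04-18T02:00:00.000Z",
        "configuration": {"volumeId": volume_id, "encrypted": encrypted},
        "tags": tags,
    }
    invoking = {"configurationItem": ci,
                "messageType": "ConfigurationItemChangeNotification"}
    return {"invokingEvent": json.dumps(invoking), "resultToken": "constructed"}


# Constructed sample: dev volume (remediate), highly confidential unencrypted
# volume (terminate), highly confidential encrypted volume (compliant).
SAMPLE_EVENTS = [
    make_event("vol-0a1b2c3d", False, {"Environment": "dev"}),
    make_event("vol-0e5f6a7b", False, {CLASSIFICATION_TAG: HIGHLY_CONFIDENTIAL}),
    make_event("vol-0c9d0e1f", True, {CLASSIFICATION_TAG: HIGHLY_CONFIDENTIAL}),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        r = lambda_handler(ev)
        print(r["evaluation"]["ComplianceResourceId"],
              r["evaluation"]["ComplianceType"], "->", r["response"])
```

Keeping the decision in choose_response() separate from the evaluation means the same rule can report to Config unchanged while the response policy (remediate vs. terminate) is tuned per classification without touching the compliance logic.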
Automating Compliance: Change History
BEST PRACTICES FOR SECURITY
AWS User Guides – APAC Financial Services
• http://bit.ly/aws-mas
• http://bit.ly/aws-hk
• http://bit.ly/aws-aus
• http://bit.ly/aws-rbi
• https://aws.amazon.com/financial-services/security-compliance/
Design Principles – AWS Well-Architected: Security
✓ Implement a strong identity foundation
✓ Enable traceability
✓ Apply security at all layers
✓ Automate security best practices
✓ Protect data in transit and at rest
✓ Prepare for security events
“CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.”
Source: Clouds Are Secure: Are You Using Them Securely? (Gartner)
Thank you!

AWS Summit Singapore - Next Generation Security

  • 1. Next Generation Security for Financial Institutions. James Wilkins, Lead of the Cloud Task Force, Association of Banks Singapore (ABS); Myles Hosford, Principal Security Architect APAC, Amazon Web Services. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 2. MAS Outsourcing Guidelines: “CS can potentially offer a number of advantages, which include economies of scale, cost-savings, access to quality system administration as well as operations that adhere to uniform security standards and best practices.” (MAS Outsourcing Guidelines 2016)
  • 3. ABS Cloud Implementation Guide: “The guiding principle that information security controls in the Cloud must be at least as strong as what the FIs would have implemented had the operations been performed in-house should apply”. Due Diligence; Data Protection; Disaster Recovery.
  • 4. ABS Cloud Implementation Guide: Clarify Misconceptions & Support Adoption; Platform to Socialise Requirements.
  • 5. ABS: Day 1 Guidance: Define Materiality; Vendor Due Diligence; Key Controls.
  • 6. ABS: Day 2 Guidance: Cloud Architecture; Continuous Assurance; MAS Material & Core.
  • 11. Next Generation Security Benefits: Automate with deeply integrated security services; Inherit global security and compliance controls; Highest standards for privacy and data security; Largest network of security partners and solutions; Scale with superior visibility and control.
  • 12. AWS Security Services, grouped by control area. Identity: AWS Identity & Access Management (IAM), AWS Organizations, AWS Cognito, AWS Directory Service, AWS Single Sign-On. Detective control: AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs. Infrastructure security: Amazon EC2 Systems Manager, AWS Shield, AWS Web Application Firewall (WAF), Amazon Inspector, Amazon Virtual Private Cloud (VPC). Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, Certificate Manager, Server Side Encryption. Incident response: AWS Config Rules, AWS Lambda.
  • 13. Identity & access management: Define, enforce, and audit user permissions across AWS services, actions and resources. Fine-grained access control; multi-factor authentication.
  • 14. Detective control: Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment. Amazon GuardDuty: intelligent threat detection.
  • 15. Infrastructure security: Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS. (Diagram: attackers, AWS customers.)
  • 16. Data protection: In addition to our automatic data encryption and management services, employ more features for data protection (including data management, data security, and encryption key storage). (Diagram: developers, AWS Certificate Manager (ACM) certificate, Elastic Load Balancing, Amazon CloudFront.)
  • 17. Incident response: During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice. (Diagram: Amazon CloudWatch, CloudWatch Event, AWS Lambda function, automated response.)
  • 18. Next Generation Security Postures: Everything as Code; Ubiquitous Encryption; Automated Compliance; No SSH or RDP for Admin.
  • 20. AWS Systems Manager components: Run Command; State Manager; Inventory; Maintenance Window; Patch Manager; Automation; Parameter Store; Documents.
  • 21. Operations at scale without SSH/RDP: • Remotely manage thousands of Windows and Linux instances running on Amazon EC2 or on-premises • Control user actions and scope with secure, granular access control • Safely execute changes with rate control to reduce blast radius • Audit every user action with change tracking. (Diagram: IT Admin / DevOps Engineer, role-based access control, AWS Cloud, corporate data center.)
  • 22. Operations at scale without SSH/RDP (diagram).
  • 24. Everything as Code: Your Security Controls. Regulatory controls; industry controls.
  • 25. Everything as Code. (Diagram: Amazon Virtual Private Cloud with security groups, WEB and APP EC2 instances, an S3 bucket encrypted with AES256, AWS KMS, logging & monitoring, VPC security; ✓ Cyber Security ✓ IT Audit ✓ Application ✓ Operations.)
  • 26. Everything as Code: ✓ Cyber Security ✓ IT Audit ✓ Application ✓ Operations.
  • 27. Self-Service - Approved, Secure IT: IF “HIGHLY CONFIDENTIAL” THEN ENFORCE ENCRYPTION; IF “PRODUCTION” THEN ENFORCE RESILIENCY.
  • 29. Everything as Code: Audit. (Diagram: any IP on the Internet; Telnet, insecure, clear-text protocol.) Mis-configuration prevented & detected BEFORE the environment is even built!
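The audit on slide 29 can be run against the infrastructure code before anything is deployed. As an added example, not code from the deck or from AWS, the Python check below walks a CloudFormation template (represented as a dict; the template and its logical ids are constructed) and reports security group rules that expose Telnet, SSH or RDP to any IP on the Internet, covering the "no SSH or RDP for admin" posture of slide 18 as well as the Telnet case on the slide.

```python
"""Pre-build audit of security group rules in a CloudFormation template.

Added example, not from the AWS/ABS deck. It flags ingress rules that expose
clear-text or admin protocols to any IP on the Internet, so the finding is
raised before the environment is built. The template is constructed.
"""
import ipaddress

# Ports the deck calls out: Telnet (clear-text) and SSH/RDP (no admin access).
FLAGGED_PORTS = {23: "Telnet (clear-text)", 22: "SSH", 3389: "RDP"}

def _covers(rule, port):
    """True if the rule's port range includes `port` (absent or -1 means all)."""
    lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
    return lo == -1 or hi == -1 or lo <= port <= hi

def _world_open(rule):
    """True if the source is the whole IPv4 or IPv6 Internet (a /0 CIDR)."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr is None:
        return False  # source is a security group or prefix list, not a CIDR
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_template(template):
    """Return findings (logical_id, port, reason, cidr) for world-open rules."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule.get("IpProtocol") not in ("tcp", "-1") or not _world_open(rule):
                continue
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            for port, reason in FLAGGED_PORTS.items():
                if _covers(rule, port):
                    findings.append((logical_id, port, reason, cidr))
    return findings

SAMPLE_TEMPLATE = {"Resources": {  # constructed for this example
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23, "CidrIp": "0.0.0.0/0"}]}},
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
        {"IpProtocol": "-1", "CidrIpv6": "::/0"}]}}}}

if __name__ == "__main__":
    for f in audit_template(SAMPLE_TEMPLATE):
        print("BLOCK %s: port %d (%s) reachable from %s" % f)
```

Run in a pipeline step, a non-empty findings list fails the build, which is what the slide means by preventing the misconfiguration before the environment exists.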
  • 31. AWS Key Management Service. (Diagram: data intelligence and business logic, data encryption key, encrypted data, KMS.)
  • 33. Ubiquitous Encryption: EBS, RDS, Amazon Redshift, S3, Amazon Glacier. Encrypted in transit and at rest; fully auditable; restricted access; fully managed keys in KMS; your KMI.
  • 34. Controls and Visibility. CloudTrail provides: • Who decrypted data • When data was decrypted • Where data was decrypted from • Stored for audit and inspection. (Diagram: consumer requests, S3, KMS, CloudTrail.)
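Slide 34's three questions, answered from the CloudTrail records KMS writes for every Decrypt call. This is an added example, not code from the deck: a Python reducer over constructed CloudTrail records (placeholder account id, key id, role and bucket names) that lists who decrypted, when and from where, and marks Decrypt calls whose source address lies outside an approved network (the 10.0.0.0/8 range is an assumption).

```python
"""Who, when and where of KMS Decrypt calls, from CloudTrail records.

Added example, not from the deck. It reduces CloudTrail KMS events to the
audit fields the slide names and flags decrypts from outside an approved
network. The records, account id, key id and networks are constructed.
"""
import ipaddress
import json

# Networks from which decryption is expected (assumption for this example).
APPROVED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

CLOUDTRAIL_RECORDS = json.loads("""{"Records": [
 {"eventTime": "2018-04-18T02:15:07Z", "eventSource": "kms.amazonaws.com",
  "eventName": "Decrypt", "sourceIPAddress": "10.20.30.40",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0example"},
  "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/EXAMPLE-KEY-ID"}],
  "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::example-bucket/obj"}}},
 {"eventTime": "2018-04-18T02:16:44Z", "eventSource": "kms.amazonaws.com",
  "eventName": "Decrypt", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"},
  "resources": [{"ARN": "arn:aws:kms:ap-southeast-1:111122223333:key/EXAMPLE-KEY-ID"}],
  "requestParameters": {"encryptionContext": {}}},
 {"eventTime": "2018-04-18T02:17:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "10.20.30.40",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"}}]}""")


def decrypt_audit(trail):
    """One row per KMS Decrypt: who, when, where, which key, and whether the
    source address lies inside an approved network."""
    rows = []
    for rec in trail["Records"]:
        if rec.get("eventSource") != "kms.amazonaws.com" or rec.get("eventName") != "Decrypt":
            continue
        source = rec.get("sourceIPAddress", "")
        try:  # a DNS name appears here when an AWS service called KMS on the caller's behalf
            approved = any(ipaddress.ip_address(source) in net for net in APPROVED_NETS)
        except ValueError:
            approved = False
        rows.append({
            "who": rec["userIdentity"]["arn"],
            "when": rec["eventTime"],
            "where": source,
            "key": rec["resources"][0]["ARN"] if rec.get("resources") else None,
            "context": rec.get("requestParameters", {}).get("encryptionContext", {}),
            "approved_source": approved,
        })
    return rows
```

The encryption context carried in each record (for S3 SSE-KMS, the object ARN) tells you which data was decrypted, not only which key was used.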
  • 36. Automating Regulatory Compliance: MAS TRM; MAS Outsourcing; ABS Key Controls.
  • 37. Automating Compliance: AWS Config Rules. Changes → Compliance Engine → Automated Response.
  • 38. Automating Compliance: Encryption. A user launches a new server without encryption; AWS Config reviews the change against controls you define in near real-time; automated response to perform encryption, or automated response to terminate the server.
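The review step of slide 38, written as a change-triggered custom AWS Config rule. This is an added example, not code from the deck: the Lambda evaluation logic that reports an EBS volume as NON_COMPLIANT when it is not encrypted, with the invoking event and resource id constructed; the automated response (encrypt or terminate) is a separate step and not shown here.

```python
"""Custom AWS Config rule: flag EBS volumes created without encryption.

Added example, not from the deck. `evaluate_volume` and `build_evaluation`
are pure so they run offline; `lambda_handler` reports to Config with boto3
(imported lazily). The invoking event and resource id are constructed.
"""
import json

def evaluate_volume(item):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule only evaluates EBS volumes"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "volume has been deleted"
    if item.get("configuration", {}).get("encrypted") is True:
        return "COMPLIANT", "volume is encrypted"
    return "NON_COMPLIANT", "volume is not encrypted; automated response required"

def build_evaluation(event):
    """Turn a change-triggered Config invocation into one PutEvaluations entry."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:  # oversized notifications omit the item; it must be fetched
        raise ValueError("no configurationItem in %s" % invoking.get("messageType"))
    compliance, annotation = evaluate_volume(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    """Lambda entry point: evaluate the change and report back to AWS Config."""
    import boto3  # only needed inside Lambda; the offline path never reaches it
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

SAMPLE_EVENT = {  # constructed change notification for an unencrypted volume
    "resultToken": "example-token",
    "invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example",
            "configurationItemStatus": "ResourceDiscovered",
            "configurationItemCaptureTime": "2018-04-18T02:15:07.000Z",
            "configuration": {"encrypted": False, "size": 8}}})}
```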
  • 41. AWS User Guides – APAC Financial Services: http://bit.ly/aws-mas, http://bit.ly/aws-hk, http://bit.ly/aws-aus, http://bit.ly/aws-rbi, https://aws.amazon.com/financial-services/security-compliance/
  • 42. AWS Well Architected: Security. Design Principles: ✓ Implement a strong identity foundation ✓ Enable traceability ✓ Apply security at all layers ✓ Automate security best practices ✓ Protect data in transit and at rest ✓ Prepare for security events.
  • 43. “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.” Source: Clouds Are Secure: Are You Using Them Securely?